Although you are likely to make use of the filter and nat tables predominantly.

IPTables are broken down into tables (as see above e.g. 'nat', 'filter' etc) and then into chains (e.g. 'INPUT', 'OUTPUT', 'FORWARD'.

Tables:
FILTER - This table is used for the basic input / output traffic out and into the firewall - it is comprised of three chains: INPUT (for ingress traffic to the host), OUTPUT (for egress traffic from the host) and FORWARD (traffic from one NIC to another on the local host)

NAT - This table is (as the name suggests) performing NAT'ing on traffic - it is comprised of three chains - PREROUTING (This is where NAT'ing is performed before being routed (also known as (D)estination NAT) a typical example of this is where you want to NAT some internet IP's to local IP's on your LAN. The next is POSTROUTING where the NAT'ing will be performed after routing (also called (S)ource NAT - the more common NAT method) and is commonly used when you wish to provide internal users on a LAN access to the internet. And finally the OUTPUT chain - which deals with NAT traffic generated on the local host.

RAW - A much less commonly used table it is specifically for configuring exemptions for connection tracking.

The following command appends (-A) a new rule into the 'INPUT' chain in the 'filter' table where traffic equals TCP/80 and the connection state matches either 'NEW' or 'ESTABLISHED' and finally permits the rule:
iptables -t filter -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

Or say we want to insert the same rule put higher up (above a deny all statement for example) the chain - we can do this with the -I switch: